Russia’s hacking of U.S. institutions and individuals to disrupt our electoral and political systems brings into focus the Wild West nature of cyber attacks and our interdependence on the digital world.
Collectively and individually, we are less and less secure in that world.
The California Department of Justice last year reported that nearly 50 million data records of Californians had been breached between 2012 and 2015 and a majority were because of security failures.
One of the nation’s largest professional services firms, Deloitte, warned in its annual technology report that all companies, nonprofits, and government organizations should “prepare for a tsunami of digital crime.” Technology’s role across industries creates “new value … and opportunities” for such attacks, the company said.
In one of its final acts, the Obama Administration issued a report focusing on the quickening pace of “intrusions, disruptions, manipulations and thefts,” adding that “data manipulation is a more dangerous threat than data theft.”
Foreign state-sponsored cyberattacks are cheaper than bullets, bombs, planes, and ships. They’re also efficient and give equalizing power to smaller and less developed nations. There are no international laws, treaties, norms, or rules to govern such attacks.
Getting to the bottom of the Russian hack is important. However, the real happening was the demonstration of U.S. vulnerability to foreign state attacks on our government, businesses, educational institutions, non-profits and infrastructure, and even the potential of reaching, eventually, our smart phones and computing devices.
Our government, military, businesses and citizens are more dependent on the emerging digital world than are those in other nations.
That vulnerability expands exponentially as we wrap ourselves in connectivity through the Cloud and the Internet of Things and our ever-growing use of smart devices, cars, business processes, and sensors. But our national desire for connectivity seems unlikely to change.
“Technological advancement is outpacing security and will continue to do so unless we change how we approach and implement cybersecurity strategies and practices,” the Presidential Commission on Enhancing National Cybersecurity said in its December memo for the next president.
The report contains 16 recommendations and 53 associated action items, some of which should have been acted upon in the first 100 days of the new presidency. That deadline came and went.
Recommendations included clarification of roles and responsibilities “to protect and defend against, respond to and recover from cyber incidents,” and to create a consolidated, secure and reliable network for civilian government agencies.
“Security, privacy, and trust must be primary considerations at the outset when new cyber-related technologies and policies are conceived, rather than auxiliary issues to be taken into account after they are developed,” the report said. Public-private partnerships were emphasized.
The report cited an acute cybersecurity workforce shortage, and recommended a program to train 100,000 new practitioners by 2020. Governors were encouraged to seek authority to train and equip the National Guard to serve as part of the nation’s cybersecurity workforce.
President Trump has said he wants to make cybersecurity a priority. Trump did issue an Executive Order last month, but it is more of a plan to develop a plan. Cybersecurity advocates such as the New America Foundation’s Cybersecurity Initiative view his modest budget proposal a weak signal of any priority.
The Trump administration headed in the wrong direction by granting Internet Service Providers such as AT&T and Comcast their much sought-after authority to gather and sell their users’ browsing data and other personal information. That will increase the number of people who have such data and, presumably, increase the risk of breaches.
Instead, Trump ought to implement the commission’s recommendations. His administration, and the rest of us, need to recognize that in addition to being part of the U.S., we’re also citizens of the Republic of Technology, first identified as such by the late Librarian of Congress Daniel Boorstin. That Republic has no borders and very few norms and rules.
We who depend on technology must assume the responsibility to insist that our elected officials give priority to managing, protecting, and defending national and citizen interests in the digital world.
John M. Hein, a public policy consultant, is former director of governmental relations for the California Teachers Association. He can be contacted at firstname.lastname@example.org.